strongswan.git
Tobias Brunner [Mon, 30 Aug 2010 07:59:25 +0000 (09:59 +0200)]
pluto: Fixed comparison of connections, if marks are specified.

Tobias Brunner [Mon, 30 Aug 2010 07:56:53 +0000 (09:56 +0200)]
pluto: Store xfrm marks on connection and use them when installing SAs and policies.

Tobias Brunner [Mon, 30 Aug 2010 06:58:56 +0000 (08:58 +0200)]
starter: Some whitespace cleanup.

Tobias Brunner [Mon, 30 Aug 2010 06:54:38 +0000 (08:54 +0200)]
pluto: Added PLUTO_UDP_ENC argument to updown script.

This contains the remote UDP port in case of UDP encapsulated ESP.

Tobias Brunner [Mon, 30 Aug 2010 06:47:13 +0000 (08:47 +0200)]
pluto: Return value fixed.

Tobias Brunner [Wed, 18 Aug 2010 07:41:04 +0000 (09:41 +0200)]
pluto: Removed bare shunt table.

Tobias Brunner [Tue, 17 Aug 2010 07:48:59 +0000 (09:48 +0200)]
Do not install routes for pluto.

There are some incompatibilities with e.g. passthrough policies.
Pluto installs required source routes via updown script.

Tobias Brunner [Mon, 16 Aug 2010 17:07:30 +0000 (19:07 +0200)]
pluto: Handle changed NAT mappings via libhydra's kernel interface.

Tobias Brunner [Mon, 16 Aug 2010 13:53:56 +0000 (15:53 +0200)]
pluto: Removed no_klips flag (--noklips option).

Tobias Brunner [Mon, 16 Aug 2010 12:32:55 +0000 (14:32 +0200)]
pluto: Removed references to KLIPS from documentation, log messages and comments.

Tobias Brunner [Mon, 16 Aug 2010 12:59:23 +0000 (14:59 +0200)]
pluto: Added --debug-kernel as alias for --debug-klips.

Tobias Brunner [Mon, 16 Aug 2010 12:07:09 +0000 (14:07 +0200)]
pluto: Replaced DBG_KLIPS with DBG_KERNEL.

Tobias Brunner [Mon, 16 Aug 2010 12:02:25 +0000 (14:02 +0200)]
pluto: Removed the KLIPS preprocessor flag.

Tobias Brunner [Mon, 16 Aug 2010 09:26:31 +0000 (11:26 +0200)]
pluto: Removed unneeded kernel abstractions.

Tobias Brunner [Mon, 16 Aug 2010 09:12:57 +0000 (11:12 +0200)]
pluto: Completely removed struct kernel_ops.

Tobias Brunner [Mon, 16 Aug 2010 08:33:37 +0000 (10:33 +0200)]
pluto: Refactored PF_KEY capabilities registration.

Although we use the kernel interface from libhydra we still need this to make
the available algorithms known to pluto.

Tobias Brunner [Wed, 11 Aug 2010 11:51:03 +0000 (13:51 +0200)]
pluto: Removed unneeded functions from PF_KEY interface.

We still use the algorithm registration.

Tobias Brunner [Tue, 10 Aug 2010 15:36:38 +0000 (17:36 +0200)]
pluto: Completely removed orphaned_holds.

Tobias Brunner [Tue, 3 Aug 2010 16:57:30 +0000 (18:57 +0200)]
Scheduler and processor have been moved to libstrongswan.

Also reverts 0c21dc000d3cd5c82eb22c4481e6459978456364 as the dependency
on libcharon is no longer required.

Tobias Brunner [Tue, 10 Aug 2010 13:09:13 +0000 (15:09 +0200)]
pluto: Install IN policy of a shunt eroute with protocol.

Tobias Brunner [Tue, 3 Aug 2010 14:40:41 +0000 (16:40 +0200)]
pluto: Fixed byte-order of ports in traffic selectors.

Tobias Brunner [Tue, 10 Aug 2010 13:06:41 +0000 (15:06 +0200)]
testing: Print output of 'make oldconfig' to STDOUT, besides logging it.

Tobias Brunner [Tue, 3 Aug 2010 14:37:12 +0000 (16:37 +0200)]
testing: Only sleep after a host has actually been started.

Tobias Brunner [Tue, 3 Aug 2010 14:34:47 +0000 (16:34 +0200)]
testing: Build strongSwan a bit faster using make -j.

Tobias Brunner [Tue, 3 Aug 2010 14:33:55 +0000 (16:33 +0200)]
testing: Force the UML Kernel to x86.

Tobias Brunner [Tue, 3 Aug 2010 11:05:33 +0000 (13:05 +0200)]
testing: Adding kernel-netlink to pluto.load statements.

Tobias Brunner [Tue, 3 Aug 2010 11:30:16 +0000 (13:30 +0200)]
testing: Added missing host alice to test.conf.

Tobias Brunner [Tue, 3 Aug 2010 10:23:14 +0000 (12:23 +0200)]
Charon specific strongswan.conf options generalized.

Tobias Brunner [Tue, 3 Aug 2010 09:58:47 +0000 (11:58 +0200)]
pluto: Listen for kernel events via libhydra's kernel interface.

Tobias Brunner [Tue, 3 Aug 2010 09:53:40 +0000 (11:53 +0200)]
pluto: Adapted kernel.c to changed kernel interface.

Tobias Brunner [Tue, 3 Aug 2010 09:50:56 +0000 (11:50 +0200)]
Adapted child_sa_t to changed kernel interface.

Tobias Brunner [Tue, 3 Aug 2010 09:49:28 +0000 (11:49 +0200)]
Fixing installation of trap policies (SPI=0) in kernel interface.

Tobias Brunner [Fri, 30 Jul 2010 10:16:24 +0000 (12:16 +0200)]
pluto: Do not close all file descriptors on startup, just redirect stdin, stdout and stderr to /dev/null.

Otherwise the pipe used to synchronize pluto->events with the main
thread would be closed.

Tobias Brunner [Fri, 30 Jul 2010 09:51:15 +0000 (11:51 +0200)]
pluto: Added a generic event queue.

This allows arbitrary callbacks to be executed easily in the context of the pluto
main thread (e.g. in order to synchronize with threads from the thread-pool).

Tobias Brunner [Thu, 29 Jul 2010 11:37:39 +0000 (13:37 +0200)]
pluto: Fixed the reqid that is passed to the updown script.

Tobias Brunner [Thu, 29 Jul 2010 11:36:23 +0000 (13:36 +0200)]
pluto: Migrated setup_half_ipsec_sa to libhydra's kernel interface.

Tobias Brunner [Thu, 29 Jul 2010 11:33:48 +0000 (13:33 +0200)]
pluto: Removed unneeded get_proto_reqid.

We will use the same reqid for all protocols, as in charon.

Tobias Brunner [Thu, 29 Jul 2010 10:24:18 +0000 (12:24 +0200)]
pluto: Added missing return_on in out_sa.

Tobias Brunner [Thu, 29 Jul 2010 10:19:48 +0000 (12:19 +0200)]
pluto: Use time_monotonic() instead of time() for use time calculation.

That's because get_sa_info now returns a monotonic timestamp.

Tobias Brunner [Thu, 29 Jul 2010 16:09:44 +0000 (18:09 +0200)]
pluto: Removed KLIPS specific code from was_eroute_idle.

Tobias Brunner [Thu, 29 Jul 2010 10:19:03 +0000 (12:19 +0200)]
pluto: Migrated get_sa_info to libhydra's kernel interface.

Tobias Brunner [Thu, 29 Jul 2010 09:24:46 +0000 (11:24 +0200)]
pluto: Migrated teardown_half_ipsec_sa to libhydra's kernel interface.

Tobias Brunner [Thu, 29 Jul 2010 09:01:30 +0000 (11:01 +0200)]
pluto: Adapted sag_eroute to the new signature of eroute_connection.

Tobias Brunner [Thu, 29 Jul 2010 08:41:36 +0000 (10:41 +0200)]
pluto: Migrated raw_eroute to libhydra's kernel interface.

This introduces a new struct to pass the protocol information like SPIs.
Also adapted eroute_connection and the simple calls of raw_eroute to
the new signature.

Tobias Brunner [Thu, 29 Jul 2010 08:46:45 +0000 (10:46 +0200)]
pluto: Added a function to create a traffic_selector_t from an ip_subnet.

Tobias Brunner [Tue, 27 Jul 2010 17:13:51 +0000 (19:13 +0200)]
pluto: Migrated update_ipsec_sa to libhydra's kernel interface.

Tobias Brunner [Tue, 27 Jul 2010 16:05:38 +0000 (18:05 +0200)]
pluto: Functions to convert IKEv1 ESP algos to IKEv2 identifiers added.

Tobias Brunner [Tue, 27 Jul 2010 16:01:40 +0000 (18:01 +0200)]
pluto: Refactored IKEv2/IKEv1 crypto algorithm conversion functions.

Tobias Brunner [Tue, 27 Jul 2010 15:38:03 +0000 (17:38 +0200)]
Do not overwrite the original mode when installing policies.

The mode is later used to decide if a route has to be installed.

Tobias Brunner [Mon, 26 Jul 2010 08:41:18 +0000 (10:41 +0200)]
pluto: Removed KLIPS specific algorithm detection.

Tobias Brunner [Tue, 20 Jul 2010 11:25:29 +0000 (13:25 +0200)]
pluto: Removed KLIPS specific bare shunt scanning.

Tobias Brunner [Mon, 19 Jul 2010 16:50:19 +0000 (18:50 +0200)]
Added support for different policy types in kernel_netlink plugin.

Tobias Brunner [Mon, 19 Jul 2010 16:38:29 +0000 (18:38 +0200)]
Added an option to specify the type of a policy to kernel_ipsec.add_policy.

This will later allow us to support pluto's passthrough and drop
policies in charon.

Tobias Brunner [Mon, 19 Jul 2010 08:19:29 +0000 (10:19 +0200)]
pluto: Migrated get_my_cpi to libhydra's kernel interface.

Tobias Brunner [Thu, 15 Jul 2010 12:10:25 +0000 (14:10 +0200)]
pluto: Migrated get_ipsec_spi to libhydra's kernel interface.

Tobias Brunner [Mon, 19 Jul 2010 10:31:39 +0000 (12:31 +0200)]
Added support for combined IPComp/ESP/AH policies in kernel_netlink plugin.

Tobias Brunner [Mon, 19 Jul 2010 09:25:47 +0000 (11:25 +0200)]
Replaced the protocol argument in add_policy with an optional SPI for an AH SA.

Tobias Brunner [Tue, 13 Jul 2010 11:18:04 +0000 (13:18 +0200)]
Initialize the thread pool in pluto.

Tobias Brunner [Thu, 15 Jul 2010 12:49:41 +0000 (14:49 +0200)]
Refer to scheduler and processor via lib and not hydra.

Tobias Brunner [Thu, 15 Jul 2010 12:26:19 +0000 (14:26 +0200)]
Moved scheduler and thread pool to libstrongswan.

Tobias Brunner [Mon, 12 Jul 2010 16:10:16 +0000 (18:10 +0200)]
Moved all kernel plugins to libhydra.

Tobias Brunner [Mon, 12 Jul 2010 15:40:37 +0000 (17:40 +0200)]
Moved ipsec_transform_t to kernel_ipsec.h in libhydra.

Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.

Tobias Brunner [Mon, 12 Jul 2010 09:14:54 +0000 (11:14 +0200)]
Refer to kernel interface via hydra and not charon.

Tobias Brunner [Mon, 12 Jul 2010 08:57:46 +0000 (10:57 +0200)]
Moved kernel interface to libhydra.

Tobias Brunner [Mon, 12 Jul 2010 08:35:19 +0000 (10:35 +0200)]
Removed references to protocol_id_t from kernel interface.

Instead we use the actual IP protocol identifier (the conversion now happens in
child_sa_t and kernel_handler_t).

Tobias Brunner [Mon, 12 Jul 2010 07:38:39 +0000 (09:38 +0200)]
Migrated child_sa_t to INIT/METHOD macros.

Tobias Brunner [Tue, 6 Jul 2010 14:03:09 +0000 (16:03 +0200)]
Moved roam job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 11:23:42 +0000 (13:23 +0200)]
Refer to scheduler via hydra and not charon.

Tobias Brunner [Tue, 6 Jul 2010 11:13:39 +0000 (13:13 +0200)]
Moved scheduler_t to libhydra.

Tobias Brunner [Tue, 6 Jul 2010 10:46:40 +0000 (12:46 +0200)]
Moved migrate job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 10:34:15 +0000 (12:34 +0200)]
Moved update SA job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 10:09:06 +0000 (12:09 +0200)]
Moved delete/rekey CHILD_SA job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 09:50:43 +0000 (11:50 +0200)]
Moved acquire job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 09:36:58 +0000 (11:36 +0200)]
Added kernel event handler stub.

Tobias Brunner [Tue, 6 Jul 2010 14:09:06 +0000 (16:09 +0200)]
All kernel listener hooks are optional.

Tobias Brunner [Tue, 6 Jul 2010 11:02:01 +0000 (13:02 +0200)]
Added listener handling to kernel interface.

Tobias Brunner [Tue, 6 Jul 2010 07:28:12 +0000 (09:28 +0200)]
Added an interface for kernel event listeners.

Tobias Brunner [Tue, 6 Jul 2010 08:48:55 +0000 (10:48 +0200)]
Some minor comment fixes.

Tobias Brunner [Mon, 5 Jul 2010 16:52:50 +0000 (18:52 +0200)]
Some whitespace and code style fixes.

Tobias Brunner [Mon, 5 Jul 2010 16:49:41 +0000 (18:49 +0200)]
Do not include files from libcharon in libhydra.

Tobias Brunner [Mon, 5 Jul 2010 13:32:54 +0000 (15:32 +0200)]
Move callback_job_t to libhydra.

Tobias Brunner [Mon, 5 Jul 2010 13:24:58 +0000 (15:24 +0200)]
Fixing Doxygen groups after moving processor.

Tobias Brunner [Mon, 5 Jul 2010 11:52:05 +0000 (13:52 +0200)]
Refer to processor via hydra and not charon.

Tobias Brunner [Mon, 5 Jul 2010 11:46:04 +0000 (13:46 +0200)]
Move processor_t (thread-pool) to libhydra.

Martin Willi [Thu, 2 Sep 2010 08:29:32 +0000 (10:29 +0200)]
Support different hash/sig algorithms in handshake signing, including ECDSA

Martin Willi [Thu, 2 Sep 2010 08:05:11 +0000 (10:05 +0200)]
Added TLS ClientCertificateType identifiers

Martin Willi [Thu, 2 Sep 2010 07:21:45 +0000 (09:21 +0200)]
Added TLS specific Hash and Signature Algorithm identifiers

Martin Willi [Thu, 2 Sep 2010 08:28:51 +0000 (10:28 +0200)]
Fixed typos in tls_writer method descriptions

Martin Willi [Thu, 2 Sep 2010 10:37:27 +0000 (12:37 +0200)]
Respect key types in stroke key/certificate backend

Martin Willi [Thu, 2 Sep 2010 07:46:09 +0000 (09:46 +0200)]
Added an enumerator for registered credential builders

Martin Willi [Thu, 2 Sep 2010 07:30:48 +0000 (09:30 +0200)]
Migrated credential_factory to INIT/METHOD macros

Andreas Steffen [Wed, 1 Sep 2010 20:22:27 +0000 (22:22 +0200)]
adapted evaltest.dat to new RULE_OCSP_VALIDATION

Andreas Steffen [Wed, 1 Sep 2010 12:30:14 +0000 (14:30 +0200)]
cosmetics in debug output

Andreas Steffen [Tue, 31 Aug 2010 22:16:19 +0000 (00:16 +0200)]
defined aaa_identity

Andreas Steffen [Tue, 31 Aug 2010 22:11:23 +0000 (00:11 +0200)]
increase number of messages due to large certificate payloads

Andreas Steffen [Tue, 31 Aug 2010 21:22:39 +0000 (23:22 +0200)]
clarified debug output

Andreas Steffen [Tue, 31 Aug 2010 19:42:14 +0000 (21:42 +0200)]
fixed typo

Martin Willi [Tue, 31 Aug 2010 16:08:46 +0000 (18:08 +0200)]
Do not process any more TLS handshake messages on fatal alerts

Martin Willi [Tue, 31 Aug 2010 16:02:46 +0000 (18:02 +0200)]
Load a left/rightcert2 for EAP-TLS even if no left/rightauth2 is defined

Martin Willi [Tue, 31 Aug 2010 16:07:38 +0000 (18:07 +0200)]
Strictly check if the server certificate matches the TLS server identity